CVE-2025-54595 is a high-severity OS command injection vulnerability affecting the Pearcleaner macOS application, specifically its privileged helper tool PearcleanerHelper. PearcleanerHelper is designed to perform privileged operations on behalf of the user after explicit approval via a system prompt. Once approved, the helper runs as a LaunchDaemon with root privileges and registers an XPC service (com.alienator88.Pearcleaner.PearcleanerHelper) that accepts unauthenticated connections from any local process. The vulnerability arises because this XPC service exposes a method that executes arbitrary shell commands without proper sanitization or authentication. Consequently, any local unprivileged user can connect to this service and execute arbitrary commands with root privileges, effectively escalating their privileges. This issue affects Pearcleaner versions 4.4.0 through 4.5.1 and is resolved in version 4.5.2. The CVSS v3.1 score is 7.3 (High), reflecting the vulnerability's significant impact on confidentiality, integrity, and availability, combined with relatively low attack complexity but requiring user interaction to approve the helper's privileged status. No known exploits are currently reported in the wild. The root cause is improper neutralization of special elements in OS commands (CWE-78) and improper privilege management (CWE-269).

For European organizations using Pearcleaner on macOS systems, this vulnerability poses a serious risk of local privilege escalation. An attacker with local access—such as an insider threat, a compromised user account, or malware operating with user-level permissions—can exploit this flaw to gain root-level control. This could lead to full system compromise, unauthorized access to sensitive data, installation of persistent malware, or disruption of system availability. Organizations relying on macOS for critical workflows or handling sensitive information are particularly at risk. The requirement for user approval to activate the helper limits remote exploitation but does not mitigate insider threats or attacks leveraging social engineering to gain user consent. The vulnerability could also be leveraged in multi-user environments or shared workstations common in European enterprises, increasing the attack surface. Given the high severity and the privileged nature of the helper, the impact on confidentiality, integrity, and availability is substantial.

1. Immediate upgrade to Pearcleaner version 4.5.2 or later, where the vulnerability is fixed, is the most effective mitigation. 2. Until upgrade, restrict local user access to systems running vulnerable Pearcleaner versions to trusted personnel only. 3. Monitor and audit the activation of the PearcleanerHelper LaunchDaemon and the approval prompts to detect unauthorized approvals. 4. Employ macOS security features such as System Integrity Protection (SIP) and Endpoint Detection and Response (EDR) tools to detect anomalous privilege escalations or unauthorized command executions. 5. Consider removing or disabling PearcleanerHelper if not essential, or replacing Pearcleaner with alternative macOS cleaning tools that do not require privileged helpers. 6. Educate users about the risks of approving privileged operations and implement policies to minimize unnecessary approvals. 7. Use application whitelisting and restrict execution of unknown or untrusted local processes to reduce the risk of exploitation by local attackers.